Kenji Arisawa
E-mail: arisawa@aichi-u.ac.jp
Aichi University
Kurozasa 370, Miyoshi-cho
Aichi, Japan
2002/04/05

Password file
NAME
passwd
LOCATION
/etc/passwd # in service space
DESCRIPTION
Passwd controls client access to httpd documents by password.
This file must be located in /etc in service space.
The directory etc under the web root that is assigned to a user
or virtual host is /etc in service space.
The following is an example of a password file:
# a sample password file
'aladdin''s lamp' 54ef36ec71201fdf9d1423fd26f97f6b /photo/private
poe * /documets/secret # server authentication
In the password file, `#' is the comment symbol, and empty lines are ignored.
After comments are removed, each line contains three fields.
The first field is the name of a realm.
'aladdin''s lamp' in this example means "aladdin's lamp".
If spaces and/or quotation symbols are included in the name,
rc style string rules are applied.
The second field is the MD5 of the password. Its value is the output
of the following command:
echo -n 'open sesame' | md5sum
If the second field is `*', authentication is done by the authentication
server.
The third field is a path to a file or directory.
A password is requested when accessing the file, or the files under
the directory.
Clients are prompted to enter a user name and password when accessing
the realm.
Pegasus allows the client to enter the realm only if the user name
is the same as the name of the realm and the password is the same as
the password for the realm.
The user name and password are requested only once for a realm.
The server sends the message "Keep Out (XX realm)" to the client.
The client then presents the password for the realm to the server
in order to be allowed to enter.
The client keeps the password in memory and sends it automatically on
the next access.
The password may be stolen if someone snoops the network while
the password is being sent to the server. The password is only encoded
in base64, which is easily decoded to the raw password.
With an authentication server, the server administrator also knows
the raw password.
The file `passwd' is located on the CPU server, so it may be
read by other users. A good password is therefore required when MD5 is used.
This authentication is based on the "basic authentication" defined
in HTTP/1.0.
The scheme is widely used because of its simplicity, but it is weak
against network snooping. Therefore do not use it for secure documents.
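The file format and the credential check described above, as an added Python example that is not part of Pegasus or of the original page. It assumes an unquoted # starts a comment and leaves path matching out; the function names and the DEMO_ values are constructed here.

```python
import base64, hashlib, hmac, re

# One rc word: quoted runs ('' inside quotes is a literal quote) and bare characters.
# Assumption: an unquoted # starts a comment that runs to the end of the line.
WORD = re.compile(r"(?:'(?:[^']|'')*'|[^\s'#])+|#.*")
QUOTED = re.compile(r"'((?:[^']|'')*)'")

def rc_fields(line):
    fields = []
    for tok in WORD.findall(line):
        if tok.startswith("#"):
            break
        fields.append(QUOTED.sub(lambda m: m.group(1).replace("''", "'"), tok))
    return fields

def parse_passwd(text):
    """Return (realm, md5-or-*, path) tuples; comment and empty lines are skipped."""
    rows = (rc_fields(line) for line in text.splitlines())
    return [tuple(r) for r in rows if len(r) == 3]

def check_basic(header, entry):
    """Check an Authorization header value against one local (MD5) entry."""
    realm, digest, _path = entry
    scheme, _, b64 = header.partition(" ")
    if digest == "*" or scheme.lower() != "basic":
        return False  # '*' entries are decided by the authentication server
    try:
        # base64 is an encoding, not encryption: anyone who sees the header gets this
        user, sep, password = base64.b64decode(b64, validate=True).decode().partition(":")
    except ValueError:
        return False
    got = hashlib.md5(password.encode()).hexdigest().encode()
    return (bool(sep) and hmac.compare_digest(user.encode(), realm.encode())
            and hmac.compare_digest(got, digest.lower().encode()))

# The page's sample file, plus a constructed entry whose hash is computed here.
SAMPLE = """# a sample password file
'aladdin''s lamp' 54ef36ec71201fdf9d1423fd26f97f6b /photo/private
poe * /documets/secret # server authentication
"""
DEMO_ENTRY = ("aladdin's lamp", hashlib.md5(b"open sesame").hexdigest(), "/photo/private")
DEMO_HEADER = "Basic " + base64.b64encode(b"aladdin's lamp:open sesame").decode()

if __name__ == "__main__":
    print(parse_passwd(SAMPLE))
    print(check_basic(DEMO_HEADER, DEMO_ENTRY))
```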
NOTE
See path matching for more information on how it is judged
whether the requested path matches the third field.
The judgment is made after all URI transformations.
(This means the requested path has been transformed to the path of a file.)